[Full-disclosure] Hasbani-WindWeb/2.0 Remote DoS [ with exploit ]
From: Expanders (expanders_at_libero.it)
Date: 10/27/05
- Previous message: Mandriva Security Team: "[Full-disclosure] MDKSA-2005:201 - Updated sudo packages fix vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <full-disclosure@lists.grok.org.uk> Date: Thu, 27 Oct 2005 21:55:04 +0200
[i] Title: Hasbani-WindWeb/2.0 - HTTP GET Remote DoS
[i] Discovered by: Expanders
[i] Exploit by: Expanders
[ What is Hasbani-WindWeb/2.0 ]
Hasbani server is a httpd created for menaging ethernet routers and adsl modems.
[ Why HTTPD crash? ]
Causes of DoS are not perfecly known by me 'cos i can't debug a chip-integrated http daemon.
Btw seems that Hasbani enter a loop in a GET /..:..:..etc. condition, causes that when an attacker reguest a long crafted string
server enter an endless loop with conseguenly crash of the httpd.
NOTE: This exploit DON'T drop down victim's adsl connection!
[ Exploit ]
Attacked or
http://download.x0n3-h4ck.org/XH-Hasbani-HTTPD-DoS.c
[ Timeline ]
This vulnerability was not comunicated because i did'n find Hasbani's vendor.
[ Links ]
www.x0n3-h4ck.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- application/octet-stream attachment: XH-Hasbani-HTTPD-DoS.c
- Previous message: Mandriva Security Team: "[Full-disclosure] MDKSA-2005:201 - Updated sudo packages fix vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
